Blog
CVE-2026-35273 (CVSS 9.8): ShinyHunters Exploited Oracle PeopleSoft as a Zero-Day for 13 Days — 100+ Organisations Breached
Oracle PeopleSoft CVE-2026-35273 (CVSS 9.8) was actively exploited as a zero-day by ShinyHunters for 13 days, compromising 100+ organisations globally. Patch PeopleTools 8.61/8.62 immediately.
Read More →CVE-2026-33825 BlueHammer (CVSS 7.8): Microsoft Defender Is Now a Ransomware Escalation Tool — Patch Before Your Next Incident
CISA confirms BlueHammer (CVE-2026-33825, CVSS 7.8) in Microsoft Defender is now used in active ransomware attacks. Check your Defender version — patch today.
Read More →CVE-2026-8451 (CVSS 8.8): Citrix NetScaler SAML Flaw Exploited Within 24 Hours — Is Your Identity Provider a Backdoor?
CVE-2026-8451 (CVSS 8.8) is a pre-auth NetScaler SAML memory overread exploited within 24 hours of disclosure. Patch to 14.1-72.61 or 13.1-63.18 now — here is what to do.
Read More →CVE-2026-45659 (CVSS 8.8): SharePoint RCE Now in CISA’s KEV — Storm-2603 Is Already Knocking
CISA added CVE-2026-45659 (CVSS 8.8) to its KEV catalog on July 1, 2026. This SharePoint Server RCE lets any Site Member execute code remotely—patch before July 4 or risk a…
Read More →CVE-2026-8037 (CVSS 9.8): Progress Kemp LoadMaster Pre-Auth RCE Is Under Active Attack — Patch Now or Hand Attackers Root
Attackers are actively probing CVE-2026-8037, a CVSS 9.8 pre-auth RCE in Progress Kemp LoadMaster. Upgrade to GA v7.2.63.2 or LTSF v7.2.54.18 immediately — no credentials needed to exploit.
Read More →CVE-2026-48558 (CVSS 10.0): Attackers Are Using SimpleHelp RMM to Deploy Djinn Stealer — Patch Before Your NOC Becomes a Backdoor
CVE-2026-48558 is a CVSS 10.0 OIDC auth bypass in SimpleHelp RMM. Attackers are already deploying Djinn Stealer across 14,000 servers. Here's what to patch now.
Read More →SAP NetWeaver Under Fire: CVE-2026-44748 (CVSS 9.9) SAML Bypass + CVE-2026-27671 (CVSS 9.8) — Indian Enterprises Must Patch Now
SAP NetWeaver faces twin critical flaws: CVE-2026-44748 (CVSS 9.9) SAML bypass and CVE-2026-27671 (CVSS 9.8) unauthenticated RCE. Patch now — PoC is public.
Read More →CVE-2026-55200: The SSH Library Hidden in Git, curl & PHP Just Got a Public Exploit — Patch Immediately
CVE-2026-55200 (CVSS 9.2) in libssh2 ≤1.11.1 allows pre-auth RCE from a malicious SSH server. curl, Git, and PHP are affected. Patch to 1.11.2 now.
Read More →WorldLeaks Steals 630 GB from Tata Electronics: Apple & Tesla Trade Secrets Exposed — India’s Wake-Up Call
WorldLeaks ransomware group silently stole 630 GB of Apple & Tesla trade secrets from Tata Electronics. Here is what every Indian manufacturer must do now.
Read More →CVE-2026-50751: Check Point VPN Zero-Day Exploited by Qilin Ransomware — Patch Now
CVE-2026-50751 (CVSS 9.3) lets attackers bypass Check Point VPN authentication without credentials. Qilin ransomware affiliates have exploited this since May 7. Full technical analysis and patching guide for enterprise teams…
Read More →